CVE-2018-4015

Summary

An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server to exploit this vulnerability.

Affected Software

VendorProductVersion RangeStatus
n/aWebrootWebroot BrightCloud SDKaffected

Weaknesses

  • Improper Certificate Validation

ADP Enrichment

CVE Program Container

Additional References

References